Arsenal – Recon Tool Installer
Arsenal is a Simple shell script (Bash) used to install the most important tools and requirements for your environment and save time in installing all these tools. Tools in Arsenal NamedescriptionAmassThe OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniquesffufA fast web fuzzer written in GodnsXFast and multi-purpose...
Erlik 2 : Vulnerable Flask App
Erlik 2 is a vulnerable Flask Web App. It is a lab environment created for people who want to improve themselves in the field of web penetration testing. Features It contains the following vulnerabilities. -HTML Injection-XSS-SSTI-SQL Injection-Information Disclosure-Command Injection-Brute Force-Deserialization-Broken Authentication-DOS-File Upload Installation git clone https://github.com/anil-yelken/Vulnerable-Flask-Appcd Vulnerable-Flask-Appsudo pip3 install -r requirements.txt Usage python3 vulnerable-flask-app.py Click Here To Download
Utkuici – Nessus Automation
Today, with the spread of information technology systems, investments in the field of cyber security have increased to a great extent. Vulnerability management, penetration tests and various analyzes are carried out to accurately determine how much our institutions can be affected by cyber threats. With Tenable Nessus, the industry leader in vulnerability management tools, an IP address that has...
Java-Remote-Class-Loader : Tool To Send Java Bytecode Victims To Load & Execute
Java-Remote-Class-Loader is a tool that allows you to send Java bytecode in the form of class files to your clients (or potential targets) to load and execute using Java ClassLoader together with Reflect API. The client receives the class file from the server and return the respective execution output. Payloads must be written in Java and compiled before starting...
Bayanay – Python Wardriving Tool
Bayanay is a Python Wardriving tool. WarDriving is the act of navigating, on foot or by car, to discover wireless networks in the surrounding area. Features Wardriving is done by combining the SSID information obtained with scapy using the HTML5 geolocation feature. Usage I cannot be held responsible for the malicious use of the vehicle. ssidBul.py has been tested via TP-LINK TL WN722N. Selenium 3.11.0...
Deadfinder – Find Dead-Links (Broken Links)
Dead link (broken link) means a link within a web page that cannot be connected. These links can have a negative impact to SEO and Security. Deadfinder tool makes it easy to identify and modify. Installation Install with Gem gem install deadfinder Docker Image docker pull ghcr.io/hahwul/deadfinder:latest Usage Commands: deadfinder file # Scan the...
Pmanager – Store And Retrieve Your Passwords From A Secure Offline Database
PManager Store and retrieve your passwords from a secure offline database. Check if your passwords has leaked previously to prevent targeted password reuse attacks. Demo Features Secure password storage with state of the art cryptographic algorithms.Multiple iterations of argon2id for key derivation to make it harder for attacker to conduct brute force attacks.Aes-gcm256 for database encryption.Custom encrypted key-value database which ensures data...
TestSSL.SH : Testing TLS/SSL Encryption Anywhere On Any Port
.png "TestSSL.SH : Testing TLS/SSL Encryption Anywhere On Any Port")
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws. Key features Clear output: you can tell easily whether anything is good or bad.Machine readable output (CSV, two JSON formats)No need to install or to configure something. No gems, CPAN, pip or the like.Works...
Lunar : UNIX Security Auditing Tool
.png "Lunar : UNIX Security Auditing Tool")
lunar, Lockdown UNix Auditing and Reporting Version Current version 8.0.5 Refer to lunar.sh and changelog for more up to date version information Introduction This scripts generates a scored audit report of a Unix host's security. It is based on the CIS and other frameworks. Where possible there are references to the CIS and other benchmarks in the code documentation. Why a shell script? I wanted...
Psudohash : Password List Generator That Focuses On Keywords Mutated By Commonly Used Password Creation Patterns
.png "Psudohash : Password List Generator That Focuses On Keywords Mutated By Commonly Used Password Creation Patterns")
psudohash is a password list generator for orchestrating brute force attacks. It imitates certain password creation patterns commonly used by humans, like substituting a word's letters with symbols or numbers, using char-case variations, adding a common padding before or after the word and more. It is keyword-based and highly customizable. Pentesting Corporate Environments System administrators and other employees often use a...
